Should Fediverse Web apps show remote content to unauthenticated users?
Uncategorized
40
Posts
24
Posters
9
Views
-
@evan oh this is a good one
I put "No", I think I prefer a redirect to the source. Though I think I could be pretty easily convinced that as long as the post marked "public" it should be fine
@evan Hm, thinking more on this, if an AP post is quoting a remote post I think I would expect to see the remote content on the original page so maybe I'm shifting back up to yes on my own
-
@evan โฆ but it should be a user-configurable option to withhold even one's "public" posts from unauthenticated users.
This mitigates access by blocked harassers, requiring them the delay of creating new accounts, presumably backed by new email accounts, to even see content from users who've blocked them. That added delay and inconvenience should accelerate most trolls getting bored of, for example, screenshotting and subtooting those who they'd previously harassed directly.
-
YB...
Probably yes for "public" content.
An instance might also limit heavier content to logged-in users to avoid performance issues (e.g. protect against getting DDOSed by a bot, etc).
-
@evan no but...
It should show a digest. Publishing and archiving are distinct from social media but the open web is not.
Discord is not an open web platform. Archiving is exfiltration. But an archive of a digest is just good practice.
The Fediverse is walking and chewing gum at the same time - social media on the open web. But that doesn't mean anonymous users get the privileges of social participation. They get some amount of aggregation and summarisation but as it comes with no expectation of reciprocity it comes with no guarantee of parity.
-
@evan I could see this being something someone wants. I donโt think itโs worth the development cost, and I certainly donโt think it should be a default setting.
-
@evan I voted No, because if you're a curious onlooker checking out the Fediverse, and you start browsing all from within one website, you may mistakenly believe the website you're on *is* the Fediverse (or Mastodon since that's often the branding).
Debatable still. ๐คท
-
@evan I voted "Yes, but" before I read your explanation post.
I was thinking of features such as server A showing a "From around the Fediverse" list of posts, perhaps "curated" with high numbers of likes or retoots (to avoid objectional content accidentally being shown).
I'm not a fan of server A becoming a de facto proxy to the rest of Fedi. A web crawl could destroy a small server by using it like a CDN. Not sure what is a good approach (my lack of knowledge, not that there isn't one).
-
@evan Yes but only because I can't think of a reason NOT to
-
@evan No... but maybe? I don't have a strong reason why they would. I feel like servers should only show their local content, for which they can control access based on publishing user's preferences.
There's also the question of caching: should you show cached remote content that has been deleted?
Except perhaps aggregators, and generally servers with nefarious intents that you can't control anyway (though you can block pushing content to them in the first place).
EDIT: ok, maybe in context of a conversation involving a local user.
-
@evan No (not by default to not implicate unsuspecting self-hosters with legal issues of the third-party content served through their site), but if the admin wants to offer such a service to the public internet they should have easy options to enable it.
-
@evan Yes but only because I can't think of a reason NOT to
@countablenewt @evan
Legal reasons instantly come to my mind. If you serve content through your domain you are initially responsible for it in many jurisdictions. And you really don't want your site serving CSAM... -
@evan I would say no, if I'm understanding correctly. The browser should load b.example's content from b.example, not a copy from a.example . I'm mostly concerned about privacy here.
If a post or profile is *clearly* meant to be fully public to the world (and ideally it's hard for an author to do this by mistake), then I guess it's meant to be shared around, so sure, why not serve copies. Depending on the use case, there could be advantages to that.
-
@evan No...but..
By default no.
Would prefer if this is user choice.
(in the Time of Scrapers, it gets even more complex than that tho)
-
@evan define `unauthenticated`
Gli ultimi otto messaggi ricevuti dalla Federazione
-
@DigiDavidex *coff* *coff*
-
Need to do a search in a manpage or in a file you've sent to a pager? Use
"/search_word". To repeat the same search, type "n" for next or "p" for
previous.
-- Dru <genesis@istar.ca>
-
@luca eh... ๐
-
@freedomofpress
Paywalls may be an important causal factor for the decline of democracies. I wonder if there's any study aboit this.
-
@mullvadnet
They'll have to *really* fast track it if they want to pass it before we yeet them into the rubbish bin of history. Government by announcement only gets you so far when your polls are collapsing and your own guys are saying you should resign.And even if they do, the next government can repeal it easily, because hasty legislation reactively banning things doesn't have any complicated infrastructure to tear down or budget gaps to cover. It can just go away.
-
@dthompson yes.
My point is that this friction is actually valuable.
I canโt actually prevent someone on mastodon from reading my public toots by blocking them, but blocking them still prevents most people from doing so.
โ needs to get UX right. In Hyphanet we usually got that part wrong (e.g. told people "youโre totally insecure" when they actually were safe against the 99% of people who donโt patch their node to spy on their friends).
-
@ArneBab the point is that we don't want to give users a false sense of security by saying that we can prevent something we cannot. we can surely add friction, but that's it.
